Nexus3 Container setup with SSL/Keystore


Stefan Vetter

Oct 31, 2016, 2:11:47 PM
to Nexus Users

Hi all,

 

can you probably tell me where to mount/configure the keystore/https/ssl stuff in Nexus3 (running in a container), because I don't want to do that inside the container, but mount the configs/files into the container (which basically is how containers should be configured).

 

 

Thanks,

Stefan

Bradley Beck

Oct 31, 2016, 2:37:43 PM
to Nexus Users
Stefan,

I think this may be close to what you are asking for:

Cheers,
-Brad

--
You received this message because you are subscribed to the Google Groups "Nexus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nexus-users...@glists.sonatype.com.
To post to this group, send email to nexus...@glists.sonatype.com.
To view this discussion on the web visit https://groups.google.com/a/glists.sonatype.com/d/msgid/nexus-users/57f8a131-1299-45b5-8b91-5b26d68f754f%40glists.sonatype.com.
For more options, visit https://groups.google.com/a/glists.sonatype.com/d/optout.

Fraser Goffin

Oct 31, 2016, 4:21:49 PM
to Stefan Vetter, Nexus Users
> basically is how containers should be configured

Really ? .. well it's *a* way although I'm bound to say that approach
tends to lead to running 'pet' hosts which many people would consider
as an anti-pattern (relative to a fully baked immutable image). My
opinion doesn't really matter in the context of your question and
indeed, as always, YMMV, so please don't take this as criticism, but,
.. just saying.

Paul Parsons

Oct 31, 2016, 4:24:31 PM
to Fraser Goffin, Stefan Vetter, Nexus Users
Aren't you better off pushing sensitive info in with Ansible or such like?

  Paul Parsons
  CTO
  The Server Labs 

  Mobile: +44 7914 163 676
  Mobile: +34 696 586 841
 


Stefan Vetter

Oct 31, 2016, 4:49:11 PM
to Nexus Users, scve...@gmail.com
Not taking this as offense or such. Basically I would not place files onto disk and mount them as pets, but I would store this stuff in Kubernetes and mount it from there. Images should be immutable and configured from outside, to keep them transparent, moveable, reusable and secure ;-)

Fraser Goffin

Oct 31, 2016, 5:22:06 PM
to Stefan Vetter, Nexus Users
Agreed, good plan ;-)


Stefan Vetter

Oct 31, 2016, 6:06:27 PM
to Nexus Users
Hi Brad,

I like this, can you also tell me what the default password is that nexus uses for the keystore and/or how to change this?


Thanks,
Stefan

Bradley Beck

Nov 1, 2016, 8:52:01 AM
to Nexus Users
Stefan,

That information resides in /opt/sonatype/nexus/etc/jetty/jetty-https.xml inside the container.

-Brad
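
Added example (not part of Brad's reply and not Sonatype's code): a read-only check to run against a copy of the jetty-https.xml mentioned above, listing the keystore paths it references and whether each password is written into the file or supplied from outside, which shows what would have to be mounted from Kubernetes. The sample XML is constructed and assumes Jetty's `<Set name="...">` configuration syntax; the file in a given Nexus image may differ.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample in Jetty's XML configuration syntax (an assumption about
# the file's shape, not copied from a Nexus image); all values are made up.
SAMPLE = """
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="KeyStorePath"><Property name="ssl.etc"/>/keystore.jks</Set>
    <Set name="KeyStorePassword">constructed-plaintext</Set>
    <Set name="KeyManagerPassword">OBF:constructed-value</Set>
    <Set name="TrustStorePath"><Property name="ssl.etc"/>/keystore.jks</Set>
    <Set name="TrustStorePassword"><Property name="ssl.truststore.password"/></Set>
  </New>
</Configure>
"""
PROPERTY_TAGS = ("Property", "SystemProperty")

def render(el):
    """Flatten a <Set> body, showing <Property name="x"/> as ${x}."""
    parts = [el.text or ""]
    for child in el:
        if child.tag in PROPERTY_TAGS:
            parts.append("${%s}" % child.get("name"))
        parts.append(child.tail or "")
    return "".join(parts).strip()

def audit(xml_text):
    """Map each keystore/truststore setting to (kind, value); secrets redacted."""
    report = {}
    for el in ET.fromstring(xml_text.strip()).iter("Set"):
        name = el.get("name", "")
        if name.endswith("StorePath"):
            report[name] = ("path", render(el))  # file to mount read-only
        elif name.endswith("Password"):
            if any(c.tag in PROPERTY_TAGS for c in el):
                report[name] = ("property", render(el))  # supplied from outside
            elif render(el).startswith("OBF:"):
                report[name] = ("obfuscated", "<redacted>")  # reversible, not encrypted
            else:
                report[name] = ("literal", "<redacted>")  # plaintext in the file
    return report

def hardcoded(report):
    """Settings whose secret lives in the XML itself."""
    return sorted(n for n, (kind, _) in report.items() if kind in ("literal", "obfuscated"))

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for setting, (kind, value) in audit(text).items():
        print(f"{setting:20} {kind:10} {value}")
```

Anything `hardcoded()` returns is a secret baked into the image layer; those are the settings to override with a mounted file or an externally supplied property.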
